GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

🗓️ 15 Nov 2023 00:00:00Reported by MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]Type

zdi🔗 www.zerodayinitiative.com👁 33 Views

GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability - allows remote attackers to execute arbitrary code on affected installations. The vulnerability is caused by lack of proper validation of user-supplied data in parsing AV1 encoded video files.

Reporter	Title	Published	Views	Family All 110
ATTACKERKB	CVE-2023-44429	3 May 202403:15	–	attackerkb
Tenable Nessus	Amazon Linux 2 : gstreamer1-plugins-bad-free (ALAS-2023-2355)	4 Dec 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0011: gstreamer1-plugins-bad-free (ALINUX3-SA-2024:0011)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : gstreamer1-plugins-bad-free (ALSA-2023:7791)	15 Dec 202300:00	–	nessus
Tenable Nessus	Debian DSA-5565-1 : gst-plugins-bad1.0 - security update	26 Nov 202300:00	–	nessus
Tenable Nessus	Fedora 39 : gst-devtools / gstreamer1 / gstreamer1-doc / python-gstreamer1 (2023-1661e0af22)	18 Nov 202300:00	–	nessus
Tenable Nessus	Fedora 39 : gstreamer1-plugin-libav / gstreamer1-plugins-bad-free / etc (2023-6a4aea6d13)	18 Nov 202300:00	–	nessus
Tenable Nessus	Fedora 38 : gst-devtools / gstreamer1 / gstreamer1-doc / python-gstreamer1 (2023-7bd66f219f)	29 Nov 202300:00	–	nessus
Tenable Nessus	GLSA-202406-06 : GStreamer, GStreamer Plugins: Multiple Vulnerabilities	29 Jun 202400:00	–	nessus
Tenable Nessus	MiracleLinux 9 : gstreamer1-plugins-bad-free-1.22.1-2.el9_3 (AXSA:2023-7048:03)	20 Jan 202600:00	–	nessus

Source	Link
gstreamer	www.gstreamer.freedesktop.org/security/sa-2023-0009.html

15 Nov 2023 00:00Current

7.5High risk

Vulners AI Score7.5

CVSS 38.8

EPSS0.02189